IETF Logo Mail Archive

[tram] [Technical Errata Reported] RFC7635 (5059)

RFC Errata System <rfc-editor@rfc-editor.org> Wed, 05 July 2017 23:27 UTC

Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E578812ECCB for <tram@ietfa.amsl.com>; Wed, 5 Jul 2017 16:27:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OyBoqmtsEnhW for <tram@ietfa.amsl.com>; Wed, 5 Jul 2017 16:27:22 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CC5C120227 for <tram@ietf.org>; Wed, 5 Jul 2017 16:27:22 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id C7CE5B80D80; Wed, 5 Jul 2017 16:26:44 -0700 (PDT)
To: tireddy@cisco.com, praspati@cisco.com, rmohanr@cisco.com, justin@uberti.name, spencerdawkins.ietf@gmail.com, ietf@kuehlewind.net, gonzalo.camarillo@ericsson.com, sperreault@jive.com
X-PHP-Originating-Script: 30:errata_mail_lib.php
From: RFC Errata System <rfc-editor@rfc-editor.org>
Cc: deadbeef@google.com, tram@ietf.org, rfc-editor@rfc-editor.org
Content-Type: text/plain; charset="UTF-8"
Message-Id: <20170705232644.C7CE5B80D80@rfc-editor.org>
Date: Wed, 05 Jul 2017 16:26:44 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/OJ_o3pE4xJcmNv769xF3d0OJE3Y>
X-Mailman-Approved-At: Thu, 06 Jul 2017 01:10:31 -0700
Subject: [tram] [Technical Errata Reported] RFC7635 (5059)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 23:27:24 -0000

The following errata report has been submitted for RFC7635,
"Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata/eid5059

--------------------------------------
Type: Technical
Reported by: Taylor Brandstetter <deadbeef@google.com>

Section: 6.2

Original Text
-------------
   key_length:  Length of the session key in octets.  The key length of
      160 bits MUST be supported (i.e., only the 160-bit key is used by
      HMAC-SHA-1 for message integrity of STUN messages).  The key
      length facilitates the hash agility plan discussed in Section 16.3
      of [RFC5389].


Corrected Text
--------------
   key_length:  Length of the session key in octets.

Notes
-----
RFC2104 section 2 states:

   The authentication key K can be of any length up to B, the
   block length of the hash function.  Applications that use keys longer
   than B bytes will first hash the key using H and then use the
   resultant L byte string as the actual key to HMAC.

Meaning any key length is allowed. The fact that the hash output is 20 bytes doesn't mean the key needs to be 20 bytes as well.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC7635 (draft-ietf-tram-turn-third-party-authz-16)
--------------------------------------
Title               : Session Traversal Utilities for NAT (STUN) Extension for Third-Party Authorization
Publication Date    : August 2015
Author(s)           : T. Reddy, P. Patil, R. Ravindranath, J. Uberti
Category            : PROPOSED STANDARD
Source              : TURN Revised and Modernized
Area                : Transport
Stream              : IETF
Verifying Party     : IESG

v2.23.0 | Report a Bug | By Email